crypto

package
v0.33.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 20, 2021 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Overview

Package crypto provides the all cryptographic functions used by the client (e.g. to encrypt/decrypt secrets).

Index

Constants

View Source 
const (
	// DefaultSaltLength defines the recommended length of salts used in
	// key derivation algorithms. The minimum value recommended by Section
	// 4.1 of  RFC 2898, Password-Based Cryptography (September 2000), is
	// 8 octets (64-bits).
	//
	// As recommended by the RFC, two non-random octets (16 bits) are prepended
	// to the salt. These 16 bits define the 'salt purpose' and are used to
	// distinguish between between different algorithms (e.g. AES-GCM), key
	// lengths (e.g. 256 bits) and operation types (e.g. credential encryption).
	// This distinction ensures salts are never reused for different purposes.
	// So, whenever a salt or it's derived value is used, the salt's
	// purpose should be verified.
	//
	// Because salt length does not significantly impact performance, we have
	// chosen the salt length to be very long. With 32 octet (256 bits) long
	// salts, we don't have to worry about world-wide uniqueness and collisions
	// are only likely to occur after generating 2^128 salts according to the
	// Birthday Paradox.
	//
	// Summarizing the RFC, choosing a sufficiently large salt length has
	// the following two benefits:
	//
	// 1. 	It is difficult for an opponent to precompute all the keys
	//		corresponding to a dictionary of passwords, or even the most
	//		likely keys. An opponent is thus limited to searching for
	//		passwords after a password-based operation has been performed
	//		and the salt is known.
	//
	// 2.	It is unlikely that the same key will be selected twice. This
	//      addresses some of the concerns about interactions between
	//      multiple uses of the same key, which may apply for some
	//      encryption and authentication techniques.
	//
	// Read more about this in the RFC itself: https://www.ietf.org/rfc/rfc2898.txt
	DefaultSaltLength = 32

	// MinSaltLength defines the minimal salt length as 8 random octets.
	// See DefaultSaltLength for a more extensive explanation.
	MinSaltLength = 8
)
View Source 
const (
	// SaltAlgoNone is defined here so it isn't left open
	// for potential initialization errors. Note that it is
	// not a valid algorithm.
	SaltAlgoNone      = 0x00
	SaltAlgoAES128GCM = 0x01
	SaltAlgoAES196GCM = 0x02
	SaltAlgoAES256GCM = 0x03
)

Salt algorithms

View Source 
const (
	// SaltOperationNone is defined here so it isn't left open
	// for potential initialization errors. Note that it is
	// not a valid operation.
	SaltOperationNone                      = 0x00
	SaltOperationLocalCredentialEncryption = 0x01
	SaltOperationHTTPAuthentication        = 0x02
)

Salt operations

View Source 
const (
	// DefaultScryptKeyLength defines the default key length (256 bits) of the derived key.
	DefaultScryptKeyLength = SymmetricKeyLength

	// DefaultScryptN is the work factor of the scrypt key derivation
	// function. Changing the work factor N linearly scales the memory
	// and CPU usage of the key derivation function. N must be a power
	// of 2 to allow for optimizations inside the algorithm using bit
	// masking.
	//
	// The value has been set to 2^15, which is the biggest power of two
	// that will run the scrypt key derivation function in approximately
	// 100ms on "most commodity workstations". The 100ms is the recommended
	// time cost for interactive use cases that won't bother the user, e.g.
	// typing in CLI commands and providing a passphrase each time which is
	// used to derive a key.
	//
	// Read more about the parameters, how they work and how to determine their values
	// in this blog post: https://blog.filippo.io/the-scrypt-parameters/
	//
	// Also, this the value recommended in the official GoDocs.
	DefaultScryptN = 1 << 15

	// DefaultScryptR determines the sequential read size of the scrypt
	// key derivation function. Together with the N parameter, the r
	// parameter determines the memory block size and number of hashing
	// iterations. However, it is recommended to only change the r parameter
	// if you know what you're doing and if you have custom hardware with
	// different memory characteristics. Use the N parameter instead to
	// increase or decrease work.
	//
	// The value has been set to 8, which is the value recommended in
	// the official GoDocs.
	DefaultScryptR = 8

	// DefaultScryptP determines the number of parallelizable iterations
	// if the scrypt key derivation function. Increasing the value of p
	// can be used to optimize for processing or memory cost, but it cannot
	// be used to decrease the wall-clock-time of the key derivation
	// function. Use the N parameter for that.
	//
	// The value has been set to 1, which is the value recommended in
	// the official GoDocs.
	DefaultScryptP = 1
)
View Source 
const (
	// HMACSize defines the number of bytes in the resulting hash,
	//  i.e. the number of bits divided by 8.
	HMACSize = SymmetricKeyLength

	// SymmetricKeyLength defines number of bytes to use as key length (256 bits)
	// for symmetric encryption, i.e. the number of bits divided by 8.
	SymmetricKeyLength = sha256.Size // 32
)
View Source 
const (
	// RSAKeyLength defines the number of bits to use as key length for RSA keys.
	//
	// The size of 4096 bits has been chosen because 2048 bits is assumed to
	// last up to the year 2020. Have a look at https://keylength.org
	// Additionally, because 2048 bits and 4096 bits are the most commonly used
	// key lengths, we expect those key lengths to be more future proof in terms
	// of usability and we expect (more) efficient implementations to be developed
	// for those key lengths over less frequently used ones (e.g. 3072).
	RSAKeyLength = 4096
)

Variables

View Source 
var (
	ErrInvalidCiphertext = errCrypto.Code("invalid_ciphertext").Error("ciphertext contains invalid data")
	ErrWrongAlgorithm    = errCrypto.Code("wrong_algorithm").Error("unexpected algorithm of the encoded ciphertext")
	ErrInvalidMetadata   = errCrypto.Code("invalid_metadata").Error("metadata of encrypted key is invalid")
)

Errors

View Source 
var (
	ErrCannotDecryptKey       = errCrypto.Code("decrypt_error").ErrorPref("cannot decrypt key: %s")
	ErrIncorrectPassphrase    = errCrypto.Code("incorrect_passphrase").Error("cannot decrypt key: passphrase is incorrect")
	ErrNoPassphraseProvided   = errCrypto.Code("no_passphrase_provided").Error("cannot decode key: no passphrase provided")
	ErrDecryptionUnarmoredKey = errCrypto.Code("decryption_unarmored_key").Error("cannot decode key: trying to decrypt unarmored key")
)

Errors

View Source 
var (
	ErrGenerateRSAKey                  = errCrypto.Code("rsa_generate_fail").Error("could not generate RSA key")
	ErrRSADecrypt                      = errCrypto.Code("rsa_decrypt_failed").ErrorPref("could not decrypt data: %s")
	ErrRSAEncrypt                      = errCrypto.Code("rsa_encrypt_failed").ErrorPref("could not encrypt data: %s")
	ErrNoKeyInFile                     = errCrypto.Code("no_key_in_file").Error("no key found in file")
	ErrMultipleKeysInFile              = errCrypto.Code("multiple_keys_in_file").Error("multiple keys found in file")
	ErrNotPKCS1Format                  = errCrypto.Code("key_wrong_format").Error("key must be in pkcs1 format")
	ErrNoPublicKeyFoundInImport        = errCrypto.Code("no_public_key_in_import").Error("no public key found in import")
	ErrMultiplePublicKeysFoundInImport = errCrypto.Code("multiple_public_keys_in_import").Error("multiple public keys found in import")
	ErrKeyTypeNotSupported             = errCrypto.Code("key_type_not_supported").Error("key type is not supported")
	ErrEmptyPassphrase                 = errCrypto.Code("empty_passphrase").Error("passphrase is empty")

	ErrEmptyPublicKey = errors.New("public key should not be empty")
)

Errors

View Source 
var (
	ErrInvalidSalt          = errCrypto.Code("invalid_salt").Error("salt must contain 2 purpose bytes and at least 8 bytes (64 bits) random bits")
	ErrInvalidSaltPurpose   = errCrypto.Code("invalid_salt_purpose").Error("salt purpose is invalid")
	ErrInvalidSaltOperation = errCrypto.Code("invalid_salt_operation").Error("salt operation type is invalid")
	ErrInvalidSaltAlgo      = errCrypto.Code("invalid_salt_algo").Error("salt algorithm is invalid")
)

Errors

View Source 
var (
	ErrInvalidKeyLength = errCrypto.Code("invalid_key_length").Error("key length must be either 16, 24, or 32 bytes long (128, 196 or 256 bits)")
	ErrInvalidN         = errCrypto.Code("invalid_n").Error("scrypt parameter N must be a power of 2 and at least 2^15")
	ErrInvalidR         = errCrypto.Code("invalid_r").Error("scrypt parameter r must be 8")
	ErrInvalidP         = errCrypto.Code("invalid_p").Error("scrypt parameter p must be 1")
)

Errors

View Source 
var (
	ErrInvalidCipher = errCrypto.Code("aes_cipher_invalid").ErrorPref("cipher is invalid: %v")
	ErrAESDecrypt    = errCrypto.Code("aes_decrypt_failed").ErrorPref("could not decrypt data: %s")
	ErrAESEncrypt    = errCrypto.Code("aes_encrypt_failed").ErrorPref("could not encrypt data: %s")
)

Errors

Functions

func IsWrongKey 

func IsWrongKey(err error) bool

IsWrongKey returns true when the error can be the result of a wrong key being used for decryption.

func SHA256 added in v0.25.0 

func SHA256(in []byte) []byte

SHA256 creates a SHA256 hash of the given bytes.

func ValidatePassphrase 

func ValidatePassphrase(passphrase []byte) error

ValidatePassphrase validates that a passphrase isn't empty.

func Verify 

func Verify(encodedPublicKey, message, signature []byte) error

Verify decodes the given public key and returns nil when the given signature is the result of hashing the given message and signing it with the private key that corresponds to the given public key. It returns an error when the signature is not valid (for this public key).

Types

type CiphertextAES 

type CiphertextAES struct {
	Data  []byte
	Nonce []byte
}

CiphertextAES represents data encrypted with AES-GCM.

func DecodeCiphertextAESFromString added in v0.18.0 

func DecodeCiphertextAESFromString(s string) (CiphertextAES, error)

DecodeCiphertextAESFromString decodes an encoded ciphertext string to an CiphertextAES.

func (CiphertextAES) EncodeToString added in v0.18.0 

func (ct CiphertextAES) EncodeToString() string

EncodeToString encodes the ciphertext in a string.

func (CiphertextAES) MarshalJSON 

func (ct CiphertextAES) MarshalJSON() ([]byte, error)

MarshalJSON encodes the ciphertext in JSON.

func (*CiphertextAES) UnmarshalJSON 

func (ct *CiphertextAES) UnmarshalJSON(b []byte) error

UnmarshalJSON decodes JSON into a ciphertext.

type CiphertextRSA 

type CiphertextRSA struct {
	Data []byte
}

CiphertextRSA represents data encrypted with RSA-OAEP.

func DecodeCiphertextRSAFromString added in v0.18.0 

func DecodeCiphertextRSAFromString(s string) (CiphertextRSA, error)

DecodeCiphertextRSAFromString decodes an encoded ciphertext string to an CiphertextRSA.

func (CiphertextRSA) EncodeToString added in v0.18.0 

func (ct CiphertextRSA) EncodeToString() string

EncodeToString encodes the ciphertext in a string.

func (CiphertextRSA) MarshalJSON 

func (ct CiphertextRSA) MarshalJSON() ([]byte, error)

MarshalJSON encodes the ciphertext in JSON.

func (*CiphertextRSA) UnmarshalJSON 

func (ct *CiphertextRSA) UnmarshalJSON(b []byte) error

UnmarshalJSON decodes JSON into a ciphertext.

type CiphertextRSAAES 

type CiphertextRSAAES struct {
	AES CiphertextAES
	RSA CiphertextRSA
}

CiphertextRSAAES represents data encrypted with AES-GCM, where the AES key is encrypted with RSA-OAEP.

func DecodeCiphertextRSAAESFromString added in v0.18.0 

func DecodeCiphertextRSAAESFromString(s string) (CiphertextRSAAES, error)

DecodeCiphertextRSAAESFromString decodes an encoded ciphertext string to an CiphertextRSAAES.

func (CiphertextRSAAES) EncodeToString added in v0.18.0 

func (ct CiphertextRSAAES) EncodeToString() string

EncodeToString encodes the ciphertext in a string.

func (CiphertextRSAAES) MarshalJSON 

func (ct CiphertextRSAAES) MarshalJSON() ([]byte, error)

MarshalJSON encodes the ciphertext in JSON.

func (*CiphertextRSAAES) UnmarshalJSON 

func (ct *CiphertextRSAAES) UnmarshalJSON(b []byte) error

UnmarshalJSON decodes JSON into a ciphertext.

type PEMKey 

type PEMKey struct {
	// contains filtered or unexported fields
}

PEMKey contains a PEM encoded key and provides decode functions to RSAPrivateKey. Note that PEM encoded keys will be deprecated, so only decoding functions remain in the code base. To encode keys, check out RSAPrivateKey.Export instead.

func ReadPEM 

func ReadPEM(key []byte) (*PEMKey, error)

ReadPEM reads a single PEM key from a []byte.

func (PEMKey) Decode 

func (k PEMKey) Decode() (RSAPrivateKey, error)

Decode decodes the pem key to an RSA Key. If the key is encrypted it returns ErrNoPassphraseProvided and Decrypt should have been called. Use IsEncrypted to determine whether to Decrypt or only Decode the key.

func (*PEMKey) Decrypt 

func (k *PEMKey) Decrypt(password []byte) (RSAPrivateKey, error)

Decrypt decrypts the key using the password and decodes the PEM key to an RSA Key. If the key is not encrypted it returns ErrDecryptionUnarmoredKey and Decode should have been called instead. Use IsEncrypted to determine whether to Decrypt or only Decode the key.

func (PEMKey) IsEncrypted 

func (k PEMKey) IsEncrypted() bool

IsEncrypted checks if the key is encrypted or not. This can be useful for determining whether to Decrypt or Decode the key.

type RSAPrivateKey 

type RSAPrivateKey struct {
	// contains filtered or unexported fields
}

RSAPrivateKey provides asymmetric decryption and signing functionality using the RSA algorithm. For encryption and signature verification, see RSAPublicKey instead.

func GenerateRSAPrivateKey 

func GenerateRSAPrivateKey(length int) (RSAPrivateKey, error)

GenerateRSAPrivateKey generates a new RSA key with the given key length.

func ImportRSAPrivateKeyPEM 

func ImportRSAPrivateKeyPEM(privateKey []byte) (RSAPrivateKey, error)

ImportRSAPrivateKeyPEM decodes a given PEM encoded private key into an RSA private key.

func NewRSAPrivateKey 

func NewRSAPrivateKey(privateKey *rsa.PrivateKey) RSAPrivateKey

NewRSAPrivateKey is used to construct an RSA key from the given private key. Use GenerateRSAPrivateKey to randomly generate a new RSA key.

func (RSAPrivateKey) Decrypt 

func (prv RSAPrivateKey) Decrypt(ciphertext CiphertextRSAAES) ([]byte, error)

Decrypt uses the private key to decrypt the provided ciphertext, returning the resulting decrypted bytes. In order to decrypt the given ciphertext, it first unwraps the encrypted symmetric key using the RSA-OAEP algorithm and then uses the decrypted symmetric key to decrypt the rest of the ciphertext with the AES-GCM algorithm.

func (RSAPrivateKey) Encode added in v0.21.0 

func (prv RSAPrivateKey) Encode() []byte

Export returns the private key in ASN.1 DER encoded format.

func (RSAPrivateKey) ExportPEM 

func (prv RSAPrivateKey) ExportPEM() ([]byte, error)

ExportPEM returns the private key in PEM encoded format. After using ExportPEM, make sure to keep the result private.

func (RSAPrivateKey) ExportPrivateKeyWithPassphrase 

func (prv RSAPrivateKey) ExportPrivateKeyWithPassphrase(pass string) ([]byte, error)

ExportPrivateKeyWithPassphrase exports the rsa private key in a PKIX pem encoded format, encrypted with the given passphrase.

Note that this function will be deprecated. Use Export instead.

func (RSAPrivateKey) Public 

func (prv RSAPrivateKey) Public() RSAPublicKey

Public returns the public part of the RSA key pair.

func (RSAPrivateKey) ReWrapBytes 

func (prv RSAPrivateKey) ReWrapBytes(pub RSAPublicKey, encData []byte) ([]byte, error)

ReWrapBytes uses the private key to re-encrypt a small number of encrypted bytes for the given public key. Note that this function will be deprecated. Directly use Unwrap and Wrap when possible.

func (RSAPrivateKey) Sign 

func (prv RSAPrivateKey) Sign(message []byte) ([]byte, error)

Sign creates a SHA256 hash of the given message and uses the private key to sign the hash, returning the resulting signature.

func (RSAPrivateKey) Unwrap 

func (prv RSAPrivateKey) Unwrap(ciphertext CiphertextRSA) ([]byte, error)

Unwrap uses the private key to decrypt a small ciphertext that has been encrypted with the RSA-OAEP algorithm, returning the resulting decrypted bytes. Note that this should only be used for ciphertexts encrypted with RSA-OAEP. Use the Decrypt function for decrypting large ciphertexts.

func (RSAPrivateKey) UnwrapBytes 

func (prv RSAPrivateKey) UnwrapBytes(encryptedData []byte) ([]byte, error)

UnwrapBytes uses the private key to decrypt a small number of encrypted bytes with the RSA-OAEP algorithm, returning the resulting decrypted bytes. Note that this function will be deprecated. Directly use Unwrap instead when possible.

type RSAPublicKey 

type RSAPublicKey struct {
	// contains filtered or unexported fields
}

RSAPublicKey provides asymmetric encryption and signature verification functions.

func ImportRSAPublicKey 

func ImportRSAPublicKey(encodedPublicKey []byte) (RSAPublicKey, error)

ImportRSAPublicKey decodes a PEM encoded RSA public key into a public key that can be used for encryption and signature verification.

func (RSAPublicKey) Encode added in v0.21.0 

func (pub RSAPublicKey) Encode() ([]byte, error)

Encode uses PEM encoding to encode the public key as bytes so it can be easily stored and transferred between systems.

func (RSAPublicKey) Encrypt 

func (pub RSAPublicKey) Encrypt(data []byte) (CiphertextRSAAES, error)

Encrypt uses the public key to encrypt given data with the RSA-OAEP algorithm, returning the resulting ciphertext. In order to encrypt the given bytes, it first generates a random symmetric key and uses the AES-GCM algorithm to encrypt the data. Then, it uses the RSA public key to encrypt the intermediate symmetric key with the RSA-OAEP algorithm and combines both ciphertexts into one result.

func (RSAPublicKey) Fingerprint 

func (pub RSAPublicKey) Fingerprint() (string, error)

Fingerprint returns the SHA256 hash of the public key, encoded as a hexadecimal string.

func (RSAPublicKey) MaxWrapSize 

func (pub RSAPublicKey) MaxWrapSize() int

MaxWrapSize returns the maximum number of bytes that can be used as input of the Wrap function. To encrypt an arbitrary number of bytes, use the Encrypt function instead.

The maximum size for RSA-OAEP is defined RFC8017 section 7.1.1 and is related to the key length used and padding overhead of the encryption and hashing algorithms chosen.

func (RSAPublicKey) Verify 

func (pub RSAPublicKey) Verify(message, signature []byte) error

Verify returns nil when the given signature is the result of hashing the given message and signing it with the private key that corresponds to this public key. It returns an error when the signature is not valid (for this public key).

func (RSAPublicKey) Wrap 

func (pub RSAPublicKey) Wrap(data []byte) (CiphertextRSA, error)

Wrap uses the public key to encrypt a small number of bytes with the RSA-OAEP algorithm, returning the resulting ciphertext. The number of bytes may not exceed the maximum input length of the key, which can be calculated using the MaxWrapSize function. To encrypt an arbitrary number of bytes, use the Encrypt function instead.

func (RSAPublicKey) WrapBytes 

func (pub RSAPublicKey) WrapBytes(data []byte) ([]byte, error)

WrapBytes uses the public key to encrypt a small number of bytes with the RSA-OAEP algorithm, returning the resulting encrypted bytes. Note that this function will be deprecated soon, so use Wrap instead.

type Salt 

type Salt []byte

Salt defines a cryptographic salt to be used for key derivation functions, encryption schemes or message authentication schemes.

func (Salt) Purpose 

func (s Salt) Purpose() SaltPurpose

Purpose returns a salt's purpose octet.

func (Salt) Validate 

func (s Salt) Validate() error

Validate validates a salt.

type SaltAlgo 

type SaltAlgo byte

SaltAlgo distinguishes between different algorithms and different key lengths for which the salt should be used.

func (SaltAlgo) Alg 

func (sa SaltAlgo) Alg() string

Alg returns the algorithm to be used for the salt's designated algorithm.

func (SaltAlgo) KeyLen 

func (sa SaltAlgo) KeyLen() int

KeyLen returns the key length to be used for the salt's designated algorithm.

func (SaltAlgo) Validate 

func (sa SaltAlgo) Validate() error

Validate validates a salt algorithm.

type SaltOperation 

type SaltOperation byte

SaltOperation distinguishes between different operations for which a salt should be used.

func (SaltOperation) String 

func (so SaltOperation) String() string

func (SaltOperation) Validate 

func (so SaltOperation) Validate() error

Validate validates a salt operation.

type SaltPurpose 

type SaltPurpose struct {
	Algo      SaltAlgo
	Operation SaltOperation
}

SaltPurpose distinguishes between different use cases for which a salt should be used, distinguishing between algorithms, key lengths and operation types.

func (SaltPurpose) Bytes 

func (sp SaltPurpose) Bytes() []byte

Bytes returns the byte representation of a salt purpose.

func (SaltPurpose) Validate 

func (sp SaltPurpose) Validate() error

Validate validates a salt purpose.

func (SaltPurpose) Verify 

func (sp SaltPurpose) Verify(keyLen int, alg string, operation SaltOperation) error

Verify verifies whether a salt is intended for a given algorithm, key length, and operation type, returning an error when it is not.

func (SaltPurpose) VerifyAlgo 

func (sp SaltPurpose) VerifyAlgo(keyLen int, alg string) error

VerifyAlgo verifies whether a salt is intended for a given algorithm and key length, returning an error when it is not.

type ScryptKey 

type ScryptKey struct {
	KeyLen int
	Salt   Salt
	N      int
	R      int
	P      int
	// contains filtered or unexported fields
}

ScryptKey is a key derived using the scrypt algorithm with configured parameters.

func DeriveScryptKey 

func DeriveScryptKey(passphrase []byte, salt Salt, N, r, p, keyLen int) (*ScryptKey, error)

DeriveScryptKey derives a key using the scrypt algorithm with the given parameters.

func GenerateScryptKey 

func GenerateScryptKey(passphrase []byte) (*ScryptKey, error)

GenerateScryptKey derives a key from a passphrase, using the default parameters and a randomly generated salt for the key derivation function. To use other parameters or to supply an elsewhere generated salt, use DeriveScryptKey.

func (*ScryptKey) Decrypt 

func (k *ScryptKey) Decrypt(ciphertext CiphertextAES, operation SaltOperation) ([]byte, error)

Decrypt uses the key with the provided nonce to decrypt a given ciphertext with the AES-GCM algorithm, returning the resulting decrypted bytes. The key's salt purpose must allow for the given operation.

func (*ScryptKey) Encrypt 

func (k *ScryptKey) Encrypt(data []byte, operation SaltOperation) (CiphertextAES, error)

Encrypt uses the key to encrypt given bytes with the AES-GCM algorithm, returning the resulting ciphertext. The key's salt purpose must allow for the given operation.

func (ScryptKey) Validate 

func (k ScryptKey) Validate() error

Validate validates the key's parameters.

type SymmetricKey 

type SymmetricKey struct {
	// contains filtered or unexported fields
}

SymmetricKey provides symmetric encryption functions.

func GenerateSymmetricKey 

func GenerateSymmetricKey() (*SymmetricKey, error)

GenerateSymmetricKey generates a 256-bit symmetric key.

func NewSymmetricKey 

func NewSymmetricKey(key []byte) *SymmetricKey

NewSymmetricKey is used to construct a symmetric key from given bytes. Make sure the key bytes have enough entropy. When in doubt, use GenerateSymmetricKey instead.

func (*SymmetricKey) Decrypt 

func (k *SymmetricKey) Decrypt(ciphertext CiphertextAES) ([]byte, error)

Decrypt uses the key to decrypt a given ciphertext with the AES-GCM algorithm, returning the decrypted bytes.

func (*SymmetricKey) Encrypt 

func (k *SymmetricKey) Encrypt(data []byte) (CiphertextAES, error)

Encrypt uses the key to encrypt given data with the AES-GCM algorithm, returning the resulting ciphertext.

func (*SymmetricKey) Export 

func (k *SymmetricKey) Export() []byte

Export returns the bytes that form the basis of the symmetric key. After using Export, make sure to keep the result private.

func (SymmetricKey) HMAC 

func (k SymmetricKey) HMAC(data []byte) ([]byte, error)

HMAC uses the key to create a Hash-based Message Authentication Code of the given data with the SHA256 hashing algorithm, returning the given hash bytes.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.